?

Which of the following issues need not be addressed by internal auditors when performing a privacy engagement?